[3083] in WWW Security List Archive
genuine facts about lexis-nexis
daemon@ATHENA.MIT.EDU (David Kennedy)
Thu Sep 26 00:18:16 1996
Date: 25 Sep 96 22:19:40 EDT
From: David Kennedy <76702.3557@compuserve.com>
To: Pippen Petty-Schroeppel <pippin@CYBERCOM.NET>
Cc: WWW Security List <WWW-SECURITY@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
You're in the NIC as the WHOIS for Cybercom.net. I believe one of your users
may be abusing your terms of service, and almost certainly is violating good
netiquette (RFC 1855). If this is a TOS violation, or you agree it's poor
netiquette, would you please curb this user?
The user, apparently, but not certainly, on one of your systems seems intent of
sending messages to the www-security list (unmoderated) while spoofing his/her
address. This person also has little regard to copyright protection. His/her
latest follows for your analysis of the headers.
It is possible that these headers are fictitious. A superficial inquiry on your
part should be able to determine their authenticity.
Dave Kennedy [CISSP] Research Team Chief, National Computer Security Assoc.
cc: www-security list
----- Forwarded Message -----
Sender: owner-www-security@ns2.rutgers.edu
Received: from ns2.rutgers.edu (ns2.rutgers.edu [128.6.21.2]) by
hil-img-6.compuserve.com (8.6.10/5.950515)
id TAA28867; Wed, 25 Sep 1996 19:49:02 -0400
Received: (from daemon@localhost) by ns2.rutgers.edu
(8.6.12+bestmx+oldruq+newsunq/8.6.12) id QAA00371 for www-security-outgoing;
Wed, 25 Sep 1996 16:07:39 -0400
Received: from kalypso.cybercom.net (kalypso.cybercom.net [206.28.134.5]) by
ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) with ESMTP id QAA00365 for
<www-security@ns2.rutgers.edu>; Wed, 25 Sep 1996 16:07:37 -0400
From: lastchance@socialsecurity.com
Received: from shell1.cybercom.net (root@shell1.cybercom.net [206.28.134.6]) by
kalypso.cybercom.net (8.6.12/8.6.12) with ESMTP id QAA04638 for
<www-security@ns2.rutgers.edu>; Wed, 25 Sep 1996 16:07:36 -0400
Received: from (frog@localhost [127.0.0.1]) by shell1.cybercom.net
(8.6.12/8.6.12) with SMTP id PAA02743 for www-security@ns2.rutgers.edu; Wed, 25
Sep 1996 15:56:14 -0400
Date: Wed, 25 Sep 1996 15:56:14 -0400
Message-Id: <199609251956.PAA02743@shell1.cybercom.net>
Subject: genuine facts about lexis-nexis
Apparently-To: www-security@ns2.rutgers.edu
Sender: owner-www-security@ns2.rutgers.edu
Precedence: bulk
Errors-To: owner-www-security@ns2.rutgers.edu
1) apologies for sending the CNET article twice last week, I'm still
learning how to send anonymous email :-). And I will reduce the
length of my posts, seeing as others thought the CNET information
was spam (I didn't).
2) http://www.vortex.com/privacy/priv.05.18.Z is a lucid explanation for
what *really* is going with lexis-nexis and some of the risks it involves
as we go about setting the rules for online citizenship
3) The Privacy Forum (authors of the above article I suggest people read)
is supported by the ACM Committee on Computers and Public Policy and appears
to be a savvy (moderated) publication. Interested folks can subsribe
off of http://www.vortex.com
Cheerio,
X
